Destruction of GuiRunner's EventManager causes a segfault at exit #1443

azeey · 2022-04-12T23:06:58Z

Environment

OS Version: Ubuntu 20.04
Source or binary build? main, b2549dd

Description

Expected behavior: No segfault at exit
Actual behavior: A segfault occurs when the GUI terminates due to what appears to be the destruction of GuiRunner's EventManager object. I believe the cause for this is as follows:
- GuiRunner's EventManager object contains ignition::common::EventT objects created by GUI plugins. Since these are templates, the vtable for the objects is stored in the shared library of the GUI plugin that creates the EventT objects.
- event::SceneUpdate is emitted in RenderUtil.cc which is part of libignition-gazebo7-rendering.so. And libGzSceneManager.so depends on libignition-gazebo7-rendering.so. Emitting that event creates the EventT object which is stored in GuiRunner's EventManager object, but the vtable is stored in libignition-gazebo7-rendering.so.
- When the GUI terminates, libGzSceneManager.so is unloaded, which in turn unloades libignition-gazebo7-rendering.so. This invalidates the vtable for the event::SceneUpdate object contained in GuiRunner's EventManager object.
- When it's time for GuiRunner's EventManager object to be destroyed, the virtual destructor for the event::SceneUpdate object is called, but since the pointer to the destructor points to an address that is no longer accessible, a segfault occurs.

Other notes:

This is a similar issue to EntityByComponents causes a crash on exit #1158, but this time it involves EventT.
This segfault does not occur in ign-gazebo6. I'm not sure what changed between ign-gazebo6 and main, but the only difference I can tell so far is in main, libGzSceneManager.so is unloaded in when you exit before GuiRunner is destroyed. In ign-gazebo6, it never gets unloaded.

Steps to reproduce

Run ign gazebo empty.sdf
Type ctrl-c on the terminal

Output

Stack trace

#31   Object "/home/addisu/.rbenv/versions/2.5.1/lib/libruby.so.2.5", at 0x7f192f6eec78, in
#30   Object "/home/addisu/.rbenv/versions/2.5.1/lib/ruby/2.5.0/x86_64-linux/fiddle.so", at 0x7f192e01d8b4, in
#29   Object "/home/addisu/.rbenv/versions/2.5.1/lib/libruby.so.2.5", at 0x7f192f6c3ee7, in rb_thread_call_without_gvl
#28   Object "/home/addisu/.rbenv/versions/2.5.1/lib/ruby/2.5.0/x86_64-linux/fiddle.so", at 0x7f192e01da77, in
#27   Object "/usr/lib/x86_64-linux-gnu/libffi.so.6", at 0x7f192ddd171e, in ffi_call
#26   Object "/usr/lib/x86_64-linux-gnu/libffi.so.6", at 0x7f192ddd1dad, in ffi_call_unix64
#25   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-ign.so.7.0.0~pre1", at 0x7f192d0ff9d0, in runGui
#24   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd2eb39, in ignition::gazebo::v7::gui::runGui(int&, char**, char const*, char const*)
#23   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd30677, in std::unique_ptr<ignition::gui::Application, std::default_delete<ignition::gui::Application> >::~unique_ptr()
#22   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd31403, in std::default_delete<ignition::gui::Application>::operator()(ignition::gui::Application*) const
#21   Object "/home/addisu/ws/garden/install/lib/libignition-gui7.so.7", at 0x7f192ac365cc, in ignition::gui::Application::~Application()
#20   Object "/home/addisu/ws/garden/install/lib/libignition-gui7.so.7", at 0x7f192ac36326, in ignition::gui::Application::~Application()
#19   Object "/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5", at 0x7f192a6c949d, in QApplication::~QApplication()
#18   Object "/usr/lib/x86_64-linux-gnu/libQt5Core.so.5", at 0x7f192af2a97d, in QCoreApplication::~QCoreApplication()
#17   Object "/usr/lib/x86_64-linux-gnu/libQt5Core.so.5", at 0x7f192af5c4be, in QObject::~QObject()
#16   Object "/usr/lib/x86_64-linux-gnu/libQt5Core.so.5", at 0x7f192af51eed, in QObjectPrivate::deleteChildren()
#15   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd425d9, in ignition::gazebo::v7::GuiRunner::~GuiRunner()
#14   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd425ad, in ignition::gazebo::v7::GuiRunner::~GuiRunner()
#13   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd7354f, in std::unique_ptr<ignition::gazebo::v7::GuiRunner::Implementation, void (*)(ignition::gazebo::v7::GuiRunner::Implementation*)>::~unique_ptr()
#12   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd7a403, in void ignition::utils::detail::DefaultDelete<ignition::gazebo::v7::GuiRunner::Implementation>(ignition::gazebo::v7::GuiRunner::Implementation*)
#11   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd7a31d, in ignition::gazebo::v7::GuiRunner::Implementation::~Implementation()
#10   Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd732ab, in ignition::gazebo::v7::EventManager::~EventManager()
#9    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd7326b, in std::unordered_map<std::reference_wrapper<std::type_info const>, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> >, ignition::gazebo::v7::EventManager::Hasher, ignition::gazebo::v7::EventManager::EqualTo, std::allocator<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > > > >::~unordered_map()
#8    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd7a2df, in std::_Hashtable<std::reference_wrapper<std::type_info const>, std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, std::allocator<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > > >, std::__detail::_Select1st, ignition::gazebo::v7::EventManager::EqualTo, ignition::gazebo::v7::EventManager::Hasher, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::~_Hashtable()
#7    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd7fe8b, in std::_Hashtable<std::reference_wrapper<std::type_info const>, std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, std::allocator<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > > >, std::__detail::_Select1st, ignition::gazebo::v7::EventManager::EqualTo, ignition::gazebo::v7::EventManager::Hasher, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::clear()
#6    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd851ab, in std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, true> > >::_M_deallocate_nodes(std::__detail::_Hash_node<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, true>*)
#5    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd88fbc, in std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, true> > >::_M_deallocate_node(std::__detail::_Hash_node<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, true>*)
#4    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd8c3e8, in void std::allocator_traits<std::allocator<std::__detail::_Hash_node<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, true> > >::destroy<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > > >(std::allocator<std::__detail::_Hash_node<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, true> >&, std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >*)
#3    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd92ef9, in void __gnu_cxx::new_allocator<std::__detail::_Hash_node<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >, true> >::destroy<std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > > >(std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >*)
#2    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd92ed5, in std::pair<std::reference_wrapper<std::type_info const> const, std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> > >::~pair()
#1    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd95c5d, in std::unique_ptr<ignition::common::Event, std::default_delete<ignition::common::Event> >::~unique_ptr()
#0    Object "/home/addisu/ws/garden/install/lib/libignition-gazebo7-gui.so.7", at 0x7f192cd9731e, in std::default_delete<ignition::common::Event>::operator()(ignition::common::Event*) const
Segmentation fault (Address not mapped to object [0x7f18eece5cb8])

The text was updated successfully, but these errors were encountered:

adlarkin · 2022-04-14T18:34:27Z

This segfault does not occur in ign-gazebo6. I'm not sure what changed between ign-gazebo6 and main, but the only difference I can tell so far is in main, libGzSceneManager.so is unloaded in when you exit before GuiRunner is destroyed. In ign-gazebo6, it never gets unloaded.

Is there any reason why libGzSceneManager.so is unloaded in main, but not on ign-gazebo6? I guess one patch for this issue is to never unload libGzSceneManager.so in main, but I'm guessing we don't want to do that since that could technically result in memory leaks.

azeey · 2022-09-26T16:53:02Z

Fixed by gazebosim/gz-gui#469

azeey added the bug Something isn't working label Apr 12, 2022

azeey mentioned this issue Apr 12, 2022

Cherry-Pick #1317: Fix segfault at exit #1441

Merged

chapulina added the GUI Gazebo's graphical interface (not pure Ignition GUI) label Apr 13, 2022

chapulina assigned azeey Apr 18, 2022

methylDragon mentioned this issue May 23, 2022

ign -> gz Namespace Migration : gz-sim #1496

Merged

This was referenced Aug 15, 2022

Fix crash at exit of gz-sim by using RTLD_NODELETE=true when loading libraries gazebosim/gz-gui#469

Merged

Use RTLD_NODELETE=true when loading libraries #1649

Merged

azeey closed this as completed Sep 26, 2022

azeey mentioned this issue Jan 31, 2024

Gazebo (Fortress) GUI crashes at exit when lto is enabled #2301

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Destruction of GuiRunner's EventManager causes a segfault at exit #1443

Destruction of GuiRunner's EventManager causes a segfault at exit #1443

azeey commented Apr 12, 2022

adlarkin commented Apr 14, 2022

azeey commented Sep 26, 2022

Destruction of GuiRunner's EventManager causes a segfault at exit #1443

Destruction of GuiRunner's EventManager causes a segfault at exit #1443

Comments

azeey commented Apr 12, 2022

Environment

Description

Steps to reproduce

Output

adlarkin commented Apr 14, 2022

azeey commented Sep 26, 2022